PRIVACY POLICY

1. INTRODUCTION

This Privacy Policy ("Policy") explains how Manser Ventures ("we," "us," "our," or "Company") collects, uses, processes, and protects personal data when you visit our website at ventures.swiss (the "Website").

Website Operator: ventures.swiss is operated by Manser Ventures, a Swiss company dedicated to connecting the Swiss innovation ecosystem by facilitating connections between startups, founders, investors, and innovators.

We are committed to complying with:

• The Federal Data Protection Act (FDAP) of Switzerland
• The General Data Protection Regulation (GDPR) (EU/EEA)
• All applicable Swiss and European data protection laws

This Policy applies to all visitors of the Website, regardless of their location. If you do not agree with this Policy, please do not use the Website.

2. CONTROLLER & CONTACT INFORMATION

Data Controller:

Manser Ventures
In Hintereichen 5
8166 Niederweningen
Switzerland
Company Registration Number: CHE-290.255.704
Email: contact@manserventures.com

Responsible Person:
Ruben Leonardo Manser

For any privacy-related inquiries, please contact us at: contact@manserventures.com

3. WHAT PERSONAL DATA DO WE COLLECT?

3.1 Automatically Collected Data

When you visit ventures.swiss, we automatically collect limited technical information through our privacy-first analytics service:

• Internet Protocol (IP) Address: Your public IP address
• Browser Information: Browser type, version, and user agent string
• Device Information: Device type (desktop, mobile, tablet), operating system, and operating system version
• Geographic Location: Country and region based on IP address (city-level data is not collected)
• Referrer Information: The website or application that referred you to our Website
• Page Views: Which pages on the Website you access and the path you take through the Website
• Bounce Rate: Whether you leave the Website immediately after visiting a single page

Importantly: We do NOT collect:

• Persistent identifiers or tracking pixels (except for the demo_auth cookie on password-protected demo pages)
• Personal identifiers (name, email, phone number)
• Financial or payment information
• Sensitive or special categories of data
• Any data from contact forms (we do not have contact forms on the Website)

4. HOW WE COLLECT DATA

4.1 Automatic Collection via Web Analytics

All personal data listed in Section 3.1 is automatically collected when you visit ventures.swiss through our analytics service provider.

4.2 Analytics Service Provider & Hosting Infrastructure

We use Vercel Web Analytics to understand visitor behavior and improve the Website experience. Additionally, the Website itself is hosted on Vercel's global edge network infrastructure.

Service Provider Details:

• Provider: Vercel Inc.
• Service: Website hosting (on Vercel's edge network) and Website analytics
• Privacy First: Yes – Vercel Web Analytics is explicitly privacy-first and cookie-free
• Data Processing Agreement: In place
• Data Transfer: Data is processed by Vercel in accordance with applicable privacy frameworks
• Infrastructure: Hosted on Vercel's distributed edge network for optimal performance and reliability

What is Vercel's Edge Network:

Vercel's edge network is a globally distributed infrastructure that serves your website from servers located in multiple geographic regions. This allows us to deliver the Website with low latency and high availability to visitors worldwide. By using Vercel's edge network, your requests are routed to the nearest server location, which may be located in different countries depending on your geographic location.

International Data Transfer Frameworks:

Vercel complies with the following data protection frameworks to ensure adequate safeguards for data transfers:

• EU-U.S. Data Privacy Framework (EU-U.S. DPF)
• UK Extension to the EU-U.S. Data Privacy Framework
• Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF)

Vercel has certified to the U.S. Department of Commerce that it adheres to the DPF Principles with regard to personal data processing. To view Vercel's DPF certification, visit: https://www.dataprivacyframework.gov/

For more information about how Vercel processes data, please visit: https://vercel.com/legal/privacy-policy

4.3 No Other Data Collection Methods

We do not:

• Use analytics tracking cookies, web beacons, pixels, or other tracking technologies
• Collect data through contact forms (none exist on the Website)
• Collect data from third-party sources
• Process payment information
• Use automated decision-making or profiling

4.4 Demo Authentication Cookie

The Website includes a password-protected demo section at /demo. When you enter the demo password, a session cookie named "demo_auth" is set on your device. This cookie serves solely to maintain your authentication session while accessing the demo and expires when:

• You close your browser
• Your session times out
• You manually log out of the demo

Demo Auth Cookie Details:

• Cookie Name: demo_auth
• Purpose: Session authentication for password-protected demo access
• Type: Session cookie (not persistent across browser sessions)
• Duration: Current browser session only
• Data Stored: Session identifier only (no personal information)
• No Tracking: This cookie is not used for tracking, analytics, or any purpose other than maintaining your demo session

This cookie is necessary for the technical functioning of the password-protected demo and does not fall under our general "no cookies" policy, as it is essential for legitimate demo access control.

5. LEGAL BASIS FOR PROCESSING

5.1 Legal Basis Under GDPR (for EU/EEA Users)

We process personal data based on the following legal basis:

Legitimate Interests (Article 6(1)(f) GDPR)

We process IP addresses, browser information, device information, and geographic location data to:

• Analyze Website usage patterns and visitor behavior
• Improve the Website's performance, functionality, and user experience
• Understand which pages and features are most valuable to visitors
• Detect and prevent technical issues
• Ensure Website security and stability

We process the demo_auth session cookie based on:

Contract Necessity (Article 6(1)(b) GDPR) - The demo_auth cookie is necessary for providing access to the password-protected demo section.

We have conducted a balancing test and determined that our legitimate interests in understanding Website performance and improving user experience outweigh any privacy interests of visitors, given that:

• We collect only non-sensitive technical data
• We use a privacy-first analytics service without tracking cookies
• No personal identification is possible from the data collected
• Visitors can control data collection through browser privacy settings
• The demo_auth cookie is essential for demo functionality

5.2 Legal Basis Under Swiss FDAP (for Swiss Users)

Under the Federal Data Protection Act (FDAP), processing is lawful when it serves a legitimate purpose and does not violate data protection principles. Our processing of analytics data meets these criteria for the same purposes outlined above (Website improvement and performance analysis). The demo_auth cookie is necessary for providing the requested service (demo access) and falls under contract necessity.

6. DATA RETENTION

6.1 Vercel Web Analytics Data Retention

Data retention for analytics collected through Vercel Web Analytics is governed by Vercel's data retention policies, not directly by us. Vercel Web Analytics is designed with privacy-first principles and does not store personal identifiers.

Vercel's Data Retention Policy:

For complete information about how long Vercel retains analytics data, please refer to Vercel's official documentation at: https://vercel.com/legal/privacy-policy

Vercel's analytics data may be retained for varying periods depending on the type of data and your account tier. Since we do not control the retention period directly, we recommend reviewing Vercel's privacy documentation for specific retention timelines.

6.2 Demo Authentication Cookie Retention

The demo_auth session cookie is automatically deleted when:

• You close your browser
• Your session times out (typically 24 hours of inactivity, depending on configuration)
• You manually log out of the demo section

No persistent record of demo_auth is maintained after the session ends.

6.3 Data Non-Identification & Anonymization

Important: Vercel Web Analytics does not store personal identifiers:

• No tracking cookies are used for analytics purposes
• No personal identifiers (such as names, email addresses, or persistent IP addresses) are stored
• Visitors cannot be identified individually
• Tracking across websites does not occur
• Browsing history cannot be rebuilt from the analytics data

7. WHO DO WE SHARE DATA WITH?

7.1 Service Providers (Data Processors)

We share analytics data only with our service provider:

7.2 Business Transfers

We may share or transfer your personal data in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. In such event:

• You will be notified of any change in ownership or control of your personal data
• Any successor entity will be bound by the terms of this Privacy Policy
• You may request deletion of your data prior to any such transfer if permitted by law
• The transferee will be required to maintain the same level of data protection

7.3 No Third-Party Sharing

We do NOT:

• Share data with marketing partners
• Sell or lease personal data
• Share data with advertisers or brokers
• Share data with social media platforms (we only include redirect links to LinkedIn, no data is transmitted)
• Disclose data to government agencies unless legally compelled

7.4 Data Processing Agreement with Vercel

Vercel is a Data Processor under both GDPR and Swiss FDAP. We have a Data Processing Agreement in place that ensures:

• Data is processed only on our instructions
• Appropriate security measures are implemented
• Sub-processors are authorized and bound by similar obligations
• Data subject rights are respected

8. INTERNATIONAL DATA TRANSFERS

8.1 Transfer to the United States

Vercel Web Analytics and Vercel's edge network process data in the United States and through their globally distributed infrastructure. This constitutes an international transfer outside Switzerland and the EEA.

8.2 Data Privacy Framework

We rely on multiple mechanisms to ensure adequate data protection for international transfers:

Primary Mechanism: Data Privacy Framework (DPF)

Vercel Inc. is certified under the following Data Privacy Framework programs:

• EU-U.S. Data Privacy Framework (EU-U.S. DPF) - for EU/EEA data transfers
• UK Extension to the EU-U.S. Data Privacy Framework - for UK and Gibraltar data transfers
• Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) - for Swiss data transfers

Vercel has certified to the U.S. Department of Commerce that it adheres to the DPF Principles with regard to personal data received from Switzerland, the European Union, and the United Kingdom. If there is any conflict between the terms of our data processing and the DPF Principles, the DPF Principles shall govern.

To view Vercel's DPF certification: https://www.dataprivacyframework.gov/

8.3 Secondary Mechanism: Standard Contractual Clauses

In addition to the DPF, we also rely on Standard Contractual Clauses (SCCs) as supplementary transfer mechanisms in accordance with GDPR Article 46 and Swiss FDAP principles.

8.4 Data Protection Standards

Vercel maintains appropriate technical and organizational security measures to protect transferred data, consistent with both the DPF Principles and Swiss/EU data protection standards. These measures apply to both analytics data and Website content delivered through the edge network.

9. YOUR DATA SUBJECT RIGHTS

9.1 Rights Available to You

Under GDPR and Swiss FDAP, you have the following rights:

Right of Access (GDPR Art. 15 / Swiss FDAP Art. 25)

• You may request a copy of personal data we hold about you
• We will provide this within 30 days

Right to Rectification (GDPR Art. 16 / Swiss FDAP)

• You may correct inaccurate or incomplete personal data
• Given the nature of analytics data, this right has limited application

Right to Erasure / "Right to be Forgotten" (GDPR Art. 17)

• You may request deletion of personal data we hold
• We will process this request within 30 days, subject to legal obligations
• Note: Data is automatically deleted per Vercel's retention policy

Right to Restrict Processing (GDPR Art. 18)

• You may request that we limit processing to storage only
• Processing will be restricted within 30 days

Right to Data Portability (GDPR Art. 20)

• You may request your personal data in a structured, portable format
• This right has limited application to analytics data

Right to Object (GDPR Art. 21 / Swiss FDAP Art. 28)

• You may object to processing of your data
• We will cease processing within 30 days, except where we have compelling legitimate grounds

Right to Withdraw Consent

• If processing is based on consent, you may withdraw it at any time
• Note: Our processing is based on legitimate interests (except demo_auth which is based on contract necessity)

9.2 How to Exercise Your Rights

To exercise any of the above rights, please submit a written request to:

Email: contact@manserventures.com
Mail: Manser Ventures, In Hintereichen 5, 8166 Niederweningen, Switzerland

Required Information:

• Your full name
• Your email address
• Description of your request
• Any additional details that help us identify you

We will respond to your request within 30 days. If we need more time, we will inform you of the extension and reasons for the delay.

9.3 No Discrimination

We will not discriminate against you for exercising your rights. Your use of the Website will not be affected by requests to exercise data subject rights.

10. DATA SECURITY

10.1 Security Measures

We implement appropriate technical and organizational security measures to protect personal data, including encryption in transit, secure hosting on Vercel's infrastructure and edge network, access controls, and regular security updates. However, no system is entirely secure, and we cannot guarantee absolute protection against all threats.

10.2 User Responsibility

Users are responsible for maintaining the security of their own devices, browsers, and passwords. If you access the demo section, please ensure you keep your demo password confidential and do not share it with unauthorized persons.

10.3 Data Breach Notification

In the unlikely event of a data breach, we will:

• Notify the relevant Swiss (FDAP) and/or European (GDPR) authorities within 72 hours of becoming aware of the breach
• Notify affected individuals if the breach poses a high risk to their rights and freedoms
• Document the incident and maintain records of the breach

11. COOKIES & TRACKING TECHNOLOGIES

11.1 No Tracking Cookies

We do not use tracking, analytics, or advertising cookies on ventures.swiss, with the exception of a session cookie used exclusively for demo authentication.

Our analytics service (Vercel Web Analytics) is explicitly cookie-free and privacy-first. No tracking cookies, persistent identifiers, or cookies for marketing purposes are used.

Demo Authentication Cookie Exception:

The Website includes a password-protected demo section at /demo that uses a session cookie named "demo_auth" exclusively for authentication purposes. This is a temporary session cookie that:

• Contains only a session identifier
• Is not used for tracking or analytics
• Expires immediately when you close your browser or end your session
• Does not store any personal information
• Is required for the technical functionality of the demo access control

11.2 Browser Privacy Settings

You may control data collection through your browser settings by using privacy-focused browsers or browser extensions. If you access the demo section, you must allow session cookies for the demo_auth authentication to function properly.

12. THIRD-PARTY LINKS & EXTERNAL CONTENT

12.1 External Links

The Website contains links to external websites and social media platforms (including LinkedIn). We are not responsible for the privacy practices of these external sites.

Important: When you click a link to an external website:

• No personal data is transmitted from our Website to the external site
• The external site's privacy policy applies to their data collection
• You should review their privacy policies independently

12.2 No Embedded Third-Party Content

We do not embed:

• Third-party analytics tracking codes
• Social media widgets or buttons that track you
• Advertising pixels or conversion tracking
• Video embedding services that track users
• Comment systems or forms that collect data

13. CHILDREN'S DATA PRIVACY

13.1 Age Restriction

The Website is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13.

If we become aware that we have collected data from a child under 13, we will delete such data immediately and will not use it for any purpose.

For EU/EEA users: The Website is not designed for children under 16 and does not rely on parental consent for processing.

13.2 Parental Concern

If you are a parent or guardian and believe your child has provided personal data to us, please contact us immediately at contact@manserventures.com.

14. POLICY UPDATES & CHANGES

14.1 Changes to This Policy

We may update this Privacy Policy from time to time to reflect:

• Changes in our data processing practices
• Changes in applicable laws or regulations
• Improvements in our privacy practices

14.2 Notification of Changes

Significant changes to this Policy will be communicated to you by:

• Posting the updated Policy on the Website
• Updating the "Last Updated" date at the top of this document
• Sending an email notification (if you have provided your email address)

Your continued use of the Website following any updates constitutes your acceptance of the revised Privacy Policy.

14.3 Review Regularly

We recommend that you review this Privacy Policy periodically to stay informed about how we protect your personal data.

15. DATA PROTECTION AUTHORITY CONTACTS

15.1 Swiss Authority

If you have concerns about our data protection practices under Swiss FDAP, you may contact:

Federal Data Protection and Information Commissioner (FDPIC)
Fédération Datenschutz und Informationsfreiheit (ISB)
Ständerat, 3003 Bern, Switzerland
Phone: +41 58 462 43 95
Email: contact@edoeb.admin.ch
Website: https://www.edoeb.admin.ch

15.2 EU/EEA Authority

If you are in the EU or EEA and have concerns about our data protection practices under GDPR, you may file a complaint with your local Data Protection Authority:

Example (Germany): Landesbeauftragte für Datenschutz und Informationsfreiheit (LDI)

Example (Austria): Österreichische Datenschutzbehörde

You can find your relevant authority at: https://edpb.ec.europa.eu/about-edpb/board/members_en

16. SPECIAL PROVISIONS

16.1 No Automated Decision-Making

We do not use automated decision-making, profiling, or algorithmic processing that produces legal or similarly significant effects on you.

16.2 No Sensitive Data Processing

We do not intentionally process any special categories of data as defined under GDPR Article 9 or Swiss FDAP, including:

• Health information
• Biometric data
• Genetic data
• Racial or ethnic origin
• Political opinions
• Religious beliefs
• Trade union membership
• Sexual orientation data

17. LEGITIMATE INTERESTS BALANCING

17.1 Detailed Balancing Test

We have conducted a comprehensive balancing test under GDPR Article 6(1)(f) (Legitimate Interests) for processing analytics data:

Our Legitimate Interests:

• Understanding Website usage and visitor behavior
• Improving Website performance and user experience
• Analyzing which pages and content are valuable
• Detecting technical issues and errors
• Ensuring Website availability and security

Data Subject Rights & Interests:

• Privacy in browsing behavior
• Freedom from tracking (mitigated by cookie-free analytics)
• Data minimization

Balancing Conclusion:

• Data collected is minimal and non-sensitive (technical data only)
• Analytics service is privacy-first with no tracking cookies
• No personal identification is possible
• The benefits of improving Website experience outweigh privacy interests
• Users can control collection through browser settings

Result: Legitimate interests assessment supports processing.

17.2 Privacy by Design

We implement privacy-by-design principles:

• Minimal data collection (only what's necessary)
• Privacy-first analytics service (no tracking cookies)
• Demo authentication via session cookie only (no persistent tracking)
• No profiling or automated decision-making
• No third-party tracking or advertising
• Transparent disclosure in this Privacy Policy

18. CONTACT & QUESTIONS

18.1 Privacy Inquiries

For any questions, concerns, or requests regarding this Privacy Policy or our data protection practices:

Email: contact@manserventures.com
Mailing Address:
Manser Ventures
In Hintereichen 5
8166 Niederweningen
Switzerland

Response Time: We will respond to all inquiries within 30 days.

18.2 Complaint Process

If you are dissatisfied with our response to a privacy request or concern, you have the right to lodge a complaint with the relevant data protection authority (see Section 15).

19. DEFINITIONS

Personal Data: Any information relating to an identified or identifiable natural person (data subject).

Processing: Any operation performed on personal data, including collection, storage, use, analysis, or deletion.

Data Controller: The entity that determines the purposes and means of personal data processing (Manser Ventures).

Data Processor: An entity that processes personal data on behalf of the controller (Vercel).

Legitimate Interests: The legal basis for processing when processing serves a purpose in the controller's or third party's interests, provided the data subject's rights do not outweigh those interests.

GDPR: General Data Protection Regulation (EU) 2016/679.

FDAP: Federal Data Protection Act (Switzerland).

Data Subject: The individual to whom personal data relates.

20. ACKNOWLEDGMENT & AGREEMENT

By accessing and using ventures.swiss, you acknowledge that you have read and understood this Privacy Policy and agree to be bound by its terms.

If you do not agree with any part of this Privacy Policy, you should cease using the Website immediately.